Quick Study

By Brian Robinson

Administration's wiretapping push could damage cloud security

In another case of unintended consequences, now come warnings that the Obama administration’s call to Internet service providers and other firms to make it easier for the FBI to tap into online communications could damage attempts to tighten security in the cloud.

Security research firm Securosis says that the proposal, which is aimed at denying terrorists and other groups the advantage of encrypted communications, will create “a single point of security failure within organizations and companies that don’t have the best security track record to begin with.”

The administration’s proposal specifically targets peer-to-peer communications, requiring companies that deliver these types of services to redesign them to allow interception. There’s only a limited number of ways to do that, Securosis says, and each of them creates new opportunities for security failures. Those failures are also likely to be detectable by bad guys with some fairly basic techniques, it says.

ReadWriteWeb, which provided the initial link to the Securosis post, points out that means nothing but trouble for cloud providers. Instead of locking the cloud down tighter, this proposal would create an always-open backdoor into the cloud.

Government clouds are mostly behind the firewall now, but at some point they’ll have to connect to public services if they want to make full use of the cloud. If Securosis is right, the administration’s proposal might serve to throttle the use of the cloud by the feds, who are paranoid about its security, at the same time that the White House is trying to promote it.

Reader comments

Fri, Oct 15, 2010

'These reactions are silly. Essentially the entire world has long had similar requirements as those being requested by the US DOJ. Those requirements have associated standards and the capabilities implemented. This dialogue is typical US-centric banter.' Uh, just because the rest of the world does it, does not make it right. People started this country to get away from submitting to whims of kings and potentates. Freedom has risks, but I am not willing to trade less freedom for fewer risks.

Tue, Oct 5, 2010
Jack Druides
California

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Will someone please explain how the 4th Amendment allows the government to even consider building back doors into the Internet?

Fri, Oct 1, 2010
GlobalView
Europe

These reactions are silly. Essentially the entire world has long had similar requirements as those being requested by the US DOJ. Those requirements have associated standards and the capabilities implemented. This dialogue is typical US-centric banter.

Thu, Sep 30, 2010
RayW

As was commented on in another thread on the next Obama plan to "make us safe", the more you add taps, the less secure you make things since whatever man (or woman if you want to be today's politically correct) makes, someone else will be able to use/break.

While the dreaded 'Bush' phone monitor program of post 9/11 did find several plots that I know of (and I only had a very small window of visibility, not even state wide), the monitoring of phone lines did not open gaps that many other folks could easily exploit. Adding back doors to access all forms of internet usage that could constitute "peer to peer" communications and encrypted communications would open up a lot of holes that would affect not only Joe and Jane Six Pack, but commerce, industry, finance, and others. The more back doors put on communications and internet access, the better the chance that your bank account and identity will be available for someone else.

Besides, how do you define peer to peer? There are many ways to communicate over the net and pass messages that are encrypted, and many different encryption variations, how do you get back doors on all of them? Make ISPs have to add back doors and maintain them, and guess what will happen to internet rates? Obama will not pay for it out of his various incomes, we will out of what we have left if we want the access still.

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.